InfoQ interviewed Captchamvc founder Vyacheslav Volkov, who explored the CAPTCHAMVC project and his views on the future of Captcha.
InfoQ: What prompted you to create your own CAPTCHA library?
At that time I was starting to use the MVC 3 framework. I started looking for a solution that would solve my problem because I needed to use the CAPTCHA in my own project. But all the solutions I can find are only available on MVC 2, and some are not even available at all. After searching for so much content, I decided to write my own verification code implementation, so there was the first version of the Captchamvc class library. This version is very simple, but even so, it is popular.
What is the difference between INFOQ:CAPTCHAMVC and other CAPTCHA libraries?
CAPTCHAMVC is a flexible, simple solution that solves all the verification code related issues in your project. All you need to do is add a class library to your project and the verification code will be ready when you add it. The project has everything you need to use the verification code:
- There are two types of verification codes, ordinary and mathematical.
- Support for storing verification codes in session or cookie
- Support "Smart Verification Code"
- The ability to easily extend the default implementation
The project is also evolving and I will try to support the needs of everyone. I think these are the main things that distinguish it from other projects.
InfoQ: Can you foresee when the verification code will no longer be needed? Or maybe it's not working?
We were all dreaming of that time. Protection for robots will always be needed, and verification codes are just one way to achieve this protection. There are a variety of technologies that do not require verification codes. For example, some developers will create a "fake" input field, while allowing the domain to be hidden from the user, and when a bot tries to populate the form, it is likely that it will fill in the field.
Still, it's hard to say that verification codes are effective in preventing spam, and there are many services that allow bypassing verification codes. Verification codes can only enhance your website's protection against robots, but they do not provide comprehensive protection.
InfoQ: You list this project to support ASP. NET MVC 3, 4, and 5. Are there really a lot of differences between these versions?
There is little difference between these versions, only the Allowanonymousattribute attributes added in MVC 4 are used in the class library.
InfoQ: What would you modify if you could modify any of the ASP. NET MVC Plugin/class library support?
ASP. NET MVC is a great web framework and I like the architectural solution it uses. There is one place I don't like about the asp: We can't read the contents of the request multiple times. I know why this is so designed, the content body in the ASP. NET Web API is considered a one-way stream that can only be read once, but sometimes it's very inconvenient.
I want to change a lot of things in Wpf\silverlight\xaml, but this topic should be discussed in another interview.
InfoQ: What is the difference between a "smart verification Code" and a normal captcha?
The basic idea is to make the verification code more user friendly, and in the best case the user will never see the verification code. There are several technologies that make verification codes more friendly. For example, there is a technique called a "false input domain". CAPTCHAMVC supports multiple technologies to differentiate between users and robots. Let me briefly introduce each of these technologies:
- False input (class name-fakeinputintelligencepolicy)--Use a "dummy" input field, as I wrote earlier.
- JavaScript (class name-javascriptintelligencepolicy)--Try to check if the user has JavaScript enabled, and if the user disables JavaScript then the user must enter a verification code
- Response Time (class name-responsetimeintelligencepolicy)--allows you to set a time during which the CAPTCHA will be considered invalid. If a bot requests a form, populates it and submits ... The time between page loading and submission may be less than a second--no one can do that.
- A combination of multiple ways (class name-multiintelligencepolicy)--Allows you to federate different policies together.
I want to give you a code example that allows you to set up a smart captcha, here's a sample code that I used on my site:
CaptchaUtils.CaptchaManager.IntelligencePolicy = new Multiintelligencepolicy (new Fakeinputintelligencepolicy (), New Javascriptintelligencepolicy (), New Responsetimeintelligencepolicy (Timespan.fromseconds (3)));
Now I'm writing a new version that will support the ASP. So far this is all my plans, but things may change in the future, and I will add some other content.
View English Original : Interview with Vyacheslav Volkov, Creator of CAPTCHAMVC
[Turn] Interview Captchamvc founder Vyacheslav Volkov